# Set the account that the nginx worker processes run as.
# NOTE(review): www-data is normally an unprivileged account, which limits what a
# compromised worker can touch. Confirm that holds on the target system.
user www-data;
# Let nginx pick the number of worker processes automatically.
# The auto value is supported only starting with versions 1.3.8 and 1.2.5.
worker_processes auto;
# Define where the error log is written and at which logging level
For this configuration you can use whichever web server you like; I decided to use nginx because it is the one I work with most.
Generally, a properly configured nginx can handle 400K to 500K requests per second (clustered); the most I have seen is 50K to 80K requests per second (non-clustered) at 30% CPU load. Of course, this was on 2 x Intel Xeon
with HyperThreading enabled, but it can work without problems on slower machines.
You must understand that this config is used in a testing environment and not in production, so you will need to find the best way to implement most of these features for your own servers.
This step is recommended if you are running your server in the cloud, such as a droplet made on Digital Ocean. If this is the case, you need to secure the server, both for your own safety and so that it cannot be abused to take part in DDoS attacks against others.
In addition to the risk of being an open resolver, your Web interface is also open to the world, which increases the risk further. So you will want to prevent ports 53 (DNS) and 80 (the Web interface), respectively, from being accessible from the public Internet.
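It's recommended that you clear out your entire firewall so you have full control over its setup. Note that between clearing the old rules and loading the new ones nothing filters ports 53 and 80 if the default policy is ACCEPT, so load the replacement rules right away. You have two options for setting up your firewall with your VPN.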
I hereby claim:
- I am vbratkev on github.
- I am vbratkev (https://keybase.io/vbratkev) on keybase.
- I have a public key ASCSFy-uKC7O2tX4olYN4L8jSZ-i86Qov5ND2yukdQA1lAo
To claim this, I am signing this object:
## AWS | |
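# Amazon Web Services (No Header Required under IMDSv1; instances that enforce IMDSv2 with HttpTokens=required reject these plain GETs because a session-token header is needed) | |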
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname |
# Use Ctrl-f as the tmux prefix key
set -g prefix C-f | |
# Remove the key binding on Ctrl-b, which is tmux's default prefix
unbind C-b | |
# Set escape-time to 0 ms so tmux does not wait after an Esc keypress
# to decide whether it begins a function- or meta-key sequence
set -sg escape-time 0 | |
# start session number from 1 rather than 0 |
*nat | |
# Spread inbound TCP port 80 traffic arriving on eth0 across local ports 8080-8087.
# Rules are evaluated top to bottom: the first takes every 8th match for 8087,
# the next takes every 7th of what is left for 8086, and so on down to every 2nd
# for 8081, so each of the eight ports should receive roughly an equal share.
# NOTE(review): nat rules are presumably consulted only for the first packet of a
# connection, which would make this a per-connection split. Confirm.
# NOTE(review): REDIRECT sends the traffic to listeners on this host, so ports
# 8080-8087 are reachable by anything that can reach port 80 on eth0. Check that
# the filter table (not shown here) limits that exposure as intended.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 8 --packet 0 -j REDIRECT --to-ports 8087 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 7 --packet 0 -j REDIRECT --to-ports 8086 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 6 --packet 0 -j REDIRECT --to-ports 8085 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 5 --packet 0 -j REDIRECT --to-ports 8084 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 4 --packet 0 -j REDIRECT --to-ports 8083 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-ports 8082 | |
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-ports 8081 | |
# Catch-all: whatever the nth rules above did not take is redirected to 8080.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 |
groups: | |
- name: datetime | |
rules: | |
- record: daily_saving_time_belgium | |
expr: | | |
(vector(0) and (month() < 3 or month() > 10)) | |
or | |
(vector(1) and (month() > 3 and month() < 10)) | |
or | |
( |
#cloud-config | |
# CoreOS cloud-config fragment that configures the etcd2 service.
coreos: | |
etcd2: | |
# generate a token from https://discovery.etcd.io/new?size=3 | |
# NOTE(review): the discovery URL is how members find this cluster through the
# public discovery service, so it is best kept private to the cluster operators.
discovery: https://discovery.etcd.io/<token> | |
# NOTE(review): every client and peer URL below is plain http://, and the visible
# lines configure no TLS or client-certificate authentication. The listing is
# cut off, so confirm whether transport security is set up elsewhere.
advertise-client-urls: http://$private_ipv4:2379 | |
initial-advertise-peer-urls: http://$private_ipv4:2380 | |
# NOTE(review): 0.0.0.0 makes the client API listen on every interface, including
# any public one, while the peer listener below is bound to the private address.
# Unless a firewall restricts port 2379, bind this to $private_ipv4 (plus
# loopback if local clients need it).
listen-client-urls: http://0.0.0.0:2379 | |
listen-peer-urls: http://$private_ipv4:2380 |
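-- Show running queries on PostgreSQL releases before 9.2, where
-- pg_stat_activity exposes the procpid and current_query columns.
-- Rows are listed newest query first, and age() reports how long each has run.
-- The session running this statement is excluded by backend PID rather than by
-- matching query text, so other sessions that mention pg_stat_activity in their
-- SQL still appear in the output.
-- Without superuser rights, other users' sessions show '<insufficient privilege>'
-- in current_query, so run this as a superuser for a complete picture.
SELECT
    procpid,
    age(clock_timestamp(), query_start) AS age,
    usename,
    current_query
FROM pg_stat_activity
WHERE current_query <> '<IDLE>'
    AND procpid <> pg_backend_pid()
ORDER BY query_start DESC;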
-- show running queries (9.2) | |
SELECT pid, age(clock_timestamp(), query_start), usename, query | |
FROM pg_stat_activity | |
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' |